<?php

    include('constants.php');
    include('connection.php');
    include('functions.php');

    // STEP 1: read POST data
     
    // Reading POSTed data directly from $_POST causes serialization issues with array data in the POST.
    // Instead, read raw POST data from the input stream. 
    $raw_post_data = file_get_contents('php://input');
    $raw_post_array = explode('&', $raw_post_data);
    $myPost = array();
    foreach ($raw_post_array as $keyval) {
      $keyval = explode ('=', $keyval);
      if (count($keyval) == 2)
         $myPost[$keyval[0]] = urldecode($keyval[1]);
    }   
    // read the IPN message sent from PayPal and prepend 'cmd=_notify-validate'
    $req = 'cmd=_notify-validate';
    if(function_exists('get_magic_quotes_gpc')) {
       $get_magic_quotes_exists = true;
    } 
    foreach ($myPost as $key => $value) {        
       if($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) { 
            $value = urlencode(stripslashes($value)); 
       } else {
            $value = urlencode($value);
       }
       $req .= "&$key=$value";
    }
     
     
    // STEP 2: POST IPN data back to PayPal to validate
     
    $ch = curl_init('https://www.sandbox.paypal.com/cgi-bin/webscr');
    curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
     
    // In wamp-like environments that do not come bundled with root authority certificates,
    // please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set 
    // the directory path of the certificate as shown below:
     //curl_setopt($ch, CURLOPT_CAINFO, 'cacert.pem');
     $path =  dirname(__FILE__);
     curl_setopt($ch, CURLOPT_CAINFO, $path.'/cacert.pem');
     

    if( !($res = curl_exec($ch)) ) {
        // error_log("Got " . curl_error($ch) . " when processing IPN data");
        curl_close($ch);
        exit;
    }
    curl_close($ch);
     
     
    // STEP 3: Inspect IPN validation result and act accordingly
    
    $columns = array();   
    $result = db_query("SELECT `COLUMN_NAME`  FROM `INFORMATION_SCHEMA`.`COLUMNS` 
     WHERE `TABLE_SCHEMA`= :dbname  AND `TABLE_NAME`= :tblname", array(':dbname' => 'paypal', ':tblname' => 'transactions'));
    foreach ($result as $record) {
      $columns[] = $record->COLUMN_NAME;
    }
  
    $table_cols = array();
    $table_cols['created'] = REQUEST_TIME;

    foreach($_POST as $key => $value) {
        $col_exists = array_search($key, $columns);
        if ($col_exists != FALSE) {
            $table_cols[$key] = $value;

       }
    }

  
    if (strcmp ($res, "VERIFIED") == 0) {

        // The IPN is verified, process it:
        // check whether the payment_status is Completed
        // check that txn_id has not been previously processed
        // check that receiver_email is your Primary PayPal email
        // check that payment_amount/payment_currency are correct
        // process the notification
          $query = "insert into transactions (tr_id, receiver_email) values(4, 'verified')";
          mysql_query($query);

        // assign posted variables to local variables
        $txn_id = $_POST['txn_id'];
        $receiver_email = $_POST['receiver_email'];
        $mc_gross = $_POST['mc_gross'];
        $mc_currency = $_POST['mc_currency'];
        $item_number = $_POST['item_number'];
        foreach ($_POST as $key => $value) {
          $query = "insert into transactions(colone, coltwo) values('$key', '$value')";
          mysql_query($query);

        }
       

        }

         else if (strcmp ($res, "INVALID") == 0) {
          
          $query = "insert into transactions (tr_id, receiver_email) values(4, 'Invalid')";
          mysql_query($query);

          // IPN invalid, log for manual investigation
        $txn_id = $_POST['txn_id'];
        $receiver_email = $_POST['receiver_email'];
        $mc_gross = $_POST['mc_gross'];
        $mc_currency = $_POST['mc_currency'];
        foreach ($_POST as $key => $value) {
          $query = "insert into transactions(colone, coltwo) values('$key', '$value')";
          mysql_query($query);

        }

        echo "The response from IPN was: <b>" .$res ."</b>";
    }
